Ledger CTO discusses the security issues concerning the popular hardware wallet

In a recent interview, Charles Guillemet, the CTO of Ledger, a popular hardware wallet provider, responded to all the project criticisms. Ledger has been subject to many difficulties in recent times. It suffered a breach in its customer contact database and a wallet vulnerability that put users’ Bitcoin at risk. 

Discussing the data breach, Guillemet said that an attacker got access to a portion of the firm’s e-commerce and marketing database through a third party’s API key that was misconfigured on their website. This allowed unauthorized access to their customers’ contact details and order information. He added that Ledger fixed the issue and disabled the troublesome API key that same day. Guillemet also noted that payment information, credentials (passwords) or cryptocurrency funds were not affected due to the breach. 

On August 5, a software vulnerability was detected in Ledger, which provided a bridge between Bitcoin and its various forks like Litecoin. Ledger issued a software update on the same day to fix the issue. In a later blog, the company reassured its users that attackers could not exploit the vulnerability to “obtain sensitive data like your private keys or recovery phrase.” 

Although Ledger’s wallets provide parameters for enhanced security, users must still be aware of the best practices to protect their assets. Guillemet explained that Ledger “is most worried about phishing attempts — emails from scammers pretending to be us.” He added that the company will never ask its users for the 24 words of their recovery phrase. 

Speaking of safeguards against malware, Guillemet said: 

Ledger devices are designed to protect users’ funds against malware on users’ computers, including fake Ledger Live applications.